[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes
After=network.target

[Service]
ExecStart=/usr/local/bin/kube-controller-manager \
  --allocate-node-cidrs=true \
  --authentication-kubeconfig=/etc/kubernetes/kube-controller-manager.kubeconfig \
  --authorization-kubeconfig=/etc/kubernetes/kube-controller-manager.kubeconfig \
  --bind-address={{ controllerManager.bindAddress | default('127.0.0.1') }} \
  --client-ca-file=/etc/kubernetes/pki/ca.crt \
  --cluster-cidr={{ networking.podSubnet | default('10.244.0.0/16')  }} \
  --cluster-name=kubernetes \
  --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt \
  --cluster-signing-key-file=/etc/kubernetes/pki/ca.key \
  --controllers=*,bootstrapsigner,tokencleaner \
  --kubeconfig=/etc/kubernetes/kube-controller-manager.kubeconfig \
  --leader-elect=true \
  --secure-port=10257 \
  --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt \
  --root-ca-file=/etc/kubernetes/pki/ca.crt \
  --service-account-private-key-file=/etc/kubernetes/pki/sa.key \
  --service-cluster-ip-range={{ networking.serviceSubnet | default('10.96.0.0/12') }} \
  --use-service-account-credentials=true \
  --tls-cert-file=/etc/kubernetes/pki/kube-controller-manager.crt \
  --tls-private-key-file=/etc/kubernetes/pki/kube-controller-manager.key \
  --feature-gates=RotateKubeletServerCertificate=true \
{% if controllerManager.extraArgs is defined %}
{% for extraArg in controllerManager.extraArgs %}
  {{ extraArg }} \
{% endfor %}
{% endif %}
  --v={{ controllerManager.log.level | default(1) }}


Restart=always
RestartSec=10s

[Install]
WantedBy=multi-user.target
